Report Summary


Introduction 


This  report  discusses  our  review  of  application  controls  over 
Banner  Student  Admissions,  Registration,  Academic  History, 
Financial  Aid  and  Accounts  Receivable  modules.    A  discussion  of 
application  controls  and  the  objectives  and  scope  of  this  audit  is 
included  in  Chapter  I.   Further  detail  for  the  audit  issues 
summarized  below  is  included  in  Chapters  II  and  III  of  the  report. 
Overall,  we  found  Banner  application  controls  provide  for  reliable 
processing  results. 


Student  Admissions 


The  Banner  Student  Admissions  module  establishes  admission 
records  and  identifies  items  an  applicant  should  provide  to 
complete  the  application  for  admission.   This  module  verifies 
students  are  admitted  in  accordance  with  University  criteria.   Our 
objective  was  to  ensure  students  are  admitted  according  to  Board  of 
Regents  policy  prior  to  registering  for  courses.   We  reviewed  data 
entry  controls  over  student  information  entered  into  the  Admissions 
module.    We  concluded  input  controls  were  adequate  to  ensure 
accuracy  and  completeness  of  student  admissions  data  entry. 


Student  Registration 


The  University  uses  Dial  Bear,  an  interactive  voice  response 
software,  for  student  registration.   Following  authorization  to 
register,  students  telephone  Dial  Bear  and  respond  to  a  voice 
recording  to  enter  registration  selections.   Dial  Bear  accepts  only 
valid  course  codes,  and  prevents  registration  based  on  course 
prerequisite  and/or  vacancy.   Once  students  confirm  their 
selections,  Dial  Bear  automatically  posts  the  selections  to  the 
Registration  module.   Registration  data  is  later  used  by  the 
Accounts  Receivable  module  to  assess  student  registration  fees. 


We  verified  Dial  Bear  properly  converts  student  data  entry  into 
Banner  machine-readable  form  and  posts  registration  additions  or 
deletions  to  the  Student  Registration  module.    We  concluded  input 
and  processing  controls  over  Student  Registration  were  adequate 
to  ensure  data  entry  and  processing  is  accurate  and  complete. 


Student Accounts
Receivable 


The  Accounts  Receivable  module  tracks  all  assessed  fees  to  the 
student  account  in  addition  to  waivers  and  credits  associated  with 
registration.   The  Accounts  Receivable  module  displays  term 
specific  tuition,  housing,  meal  plan,  and  fee  charges  and  applies 
student  fees  to  the  student  account  according  to  University  policy. 
The  fee  assessment  program  accurately  and  completely  processed 
student  fees  per  credit  based  on  the  approved  Board  of  Regents 
fee  schedule. 

We  also  reviewed  procedures  for  collecting  student  fees  as 
processed  in  the  Accounts  Receivable  module.   The  following 
section  discusses  how  the  University  could  improve  procedures 
which  ensure  University  collections  are  complete  and  accurate. 


Segregation  of  Cashier 
Duties 


Cashiers  adjust  Banner  student  fees  by  entering  registration  fee 
waivers  to  the  student  account.   Fee  waivers  include  late 
registration  fees,  student  health  insurance,  or  parking  decal  fees. 
Data  entry  personnel  may  also  adjust  student  fees,  record  student 
payments  into  Banner,  and  print  new  student  receipts.   Banner 
electronic  access  allows  cashiers  or  data  entry  employees  to  adjust 
fees  and  record  student  payments  without  authorization  from 
campus  departments. 


Management  procedures  should  ensure  individual  employees  are 
not  in  a  position  to  conceal  transaction  errors  or  irregularities. 
Existing  procedures  allow  employees  to  apply  fee  waivers  after 
receiving  a  student  payment.   Employees  could  pocket  the 
difference  and  record  a  "refund"  adjustment  to  the  student  account. 


Academic  History 


Employees establish University grading policies and maintain
student  grade  reports  within  the  Academic  History  module.   This 
module  calculates  academic  standing  based  on  University  defined 
rules  regarding  probation  and  dean's  list  policies.   The  module  also 
computes  and  maintains  semester  and  cumulative  GPA  information. 
We  limited  our  review  to  grade  data  entry  and  GPA  processing 
procedures. Except for the issue summarized below, grade data
entry and GPA processing controls are adequate to ensure
accuracy and reliability of system reported grades.


Grade  Entry  Procedures 


Registrar's  Office  employees  enter  student  grades  into  Banner  from 
grade  sheets  or  grade  change  forms  provided  by  instructors. 
Accurate  grade  data  entry  into  Banner  is  critical  for  proper  GPA 
processing,  transcript  accuracy,  and  student  financial  aid  eligibility. 

The  Registrar's  Office  should  formally  document  or  communicate 
grade  sheet  procedures  to  office  employees  and  campus  instructors. 
We  found  grade  sheet  changes  without  instructor  initials,  grade 
sheets  written  in  pencil  and  one  grade  sheet  submitted  by  fax.   The 
University  should  also  improve  physical  security  over  student 
grades.   University  employees  enter  student  grades  into  Banner  in 
an  office  which  all  students  may  access  throughout  the  day.  Until 
they  complete  the  data  entry,  office  employees  store  grade  sheets 
on  top  of  their  desks. 


Student  Financial  Aid 


The  Student  Financial  Aid  System  is  a  Banner  application  which 
interfaces  with  the  Student  Information  System.   Banner  Financial 
Aid  tracks  student  aid  applications  and  determines  eligibility  for 
student  aid  based  on  need  and  previous  academic  history  at  the 
University.  The  Student  Financial  Aid  module  determines  financial 
aid  awards  based  on  University  cost  of  attendance,  student  need, 
course  registration  credits,  and  other  criteria  defined  by  University 
employees.   Once  students  complete  registration  and  begin  classes, 
the  financial  aid  awards  are  distributed  (or  credited)  to  the  student's 
account  in  the  Accounts  Receivable  module. 


Banner  Financial  Aid  also  determines  student  eligibility  for 
financial  aid  by  evaluating  previous  academic  performance,  current 
credits  carried,  and  University  attendance.  For  example,  Banner 
places  students  on  financial  aid  probation  or  suspension  based  on 
previous  semester  grade  reports  provided  by  the  Academic  History 
module.   Banner  also  reviews  credits  carried  and  computes  aid 
adjustments  if  students  drop  courses  or  withdraw  from  school. 
Overall, we found application controls for the Student Financial
Aid  System  ensure  accuracy  and  reliability  of  system  data. 


Electronic  Access 
Controls 


The  audit  included  a  review  of  electronic  access  controls  within  the 
Banner  Student  Information  Systems.   The  review  concentrated  on 
University  access  authorization  procedures  and  user  privileges 
within  the  Student  Admissions,  Registration,  Accounts  Receivable, 
and  Financial  Aid  modules.   University  electronic  access 
procedures  are  fundamental  to  Banner  controls  over  data  entry  and 
processing  functions.   We  compared  employee  access  privileges  to 
Banner  against  actual  job  duties  performed  by  the  employees. 


Employee  Access  Based  on 
Job  Duties 


Management  should  limit  employee  access  to  application  data  in 
accordance  with  job  needs.   We  reviewed  employee  access  to 
system  forms  which  are  significant  to  overall  Banner  processing 
functions.   We  identified  several  employees  with  unnecessary 
access  to  the  Student  Registration  Form  which  allows  the 
employees  to  change  student  course  registration  data.   Several 
employees  also  have  unnecessary  privileges  to  authorize  student 
admission  or  change  admission  information  through  the  Student 
Admissions  Form. 


Many  of  the  employee  access  issues  resulted  because  employees  no 
longer  require  the  access  to  complete  their  current  job  duties.   In 
addition,  several  employees  were  given  access  they  did  not  need  by 
mistake.   The  University  should  periodically  review  electronic 
access  privileges  to  verify  access  provided  agrees  to  employee 
duties. 


Generic  Logon  IDs 


The Business Services Office temporarily assigns generic logon IDs
to  additional  campus  employees  during  the  student  bill  distribution 
process.  The  IDs  provide  access  to  the  Accounts  Receivable  and 
Registration  modules.   The  University  assigned  12  of  30  generic 
logon  IDs  to  additional  employees  during  Spring  Semester  1996. 
We  gained  unauthorized  access  to  Banner  with  the  remaining  logon 
IDs  by  entering  the  logon  ID  as  the  password. 

Generic IDs compromise system security by allowing multiple
users to share passwords. When used in combination with their
individual user IDs, employees can log on simultaneously at
different  computer  terminals.    Access  to  the  Student  Registration 
and  Accounts  Receivable  modules  allows  users  to  change  student 
bills,  registration,  or  academic  information  without  authorization. 
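
The periodic access review recommended under Employee Access Based on Job Duties, together with a check for the generic logon ID weakness described above, could be automated along these lines. This is an added example, not part of the audit report: the role names, form labels, accounts and PBKDF2 password storage are constructed assumptions and do not reflect Banner's actual schema.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Hypothetical mapping of job role -> forms that role needs update access to.
# These labels are assumptions for illustration, not Banner form names.
ROLE_NEEDS = {
    "registrar_clerk": {"student_registration_form"},
    "admissions_officer": {"student_admissions_form"},
    "cashier": {"payment_entry_form"},
    "financial_aid_counselor": set(),
}

# Form pairs one person should not hold together (segregation of duties):
# recording payments and adjusting fees lets one employee conceal a shortfall.
SOD_CONFLICTS = [("payment_entry_form", "fee_adjustment_form")]


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumed storage scheme; iteration count kept low so the demo runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


@dataclass
class Account:
    logon_id: str
    role: Optional[str]      # None = generic ID not assigned to any employee
    forms: frozenset
    salt: bytes
    pw_hash: bytes
    generic: bool = False


def make_account(logon_id, role, forms, password, generic=False):
    salt = os.urandom(16)
    return Account(logon_id, role, frozenset(forms), salt,
                   hash_password(password, salt), generic)


def password_is_logon_id(acct: Account) -> bool:
    # Test only the logon ID itself (and its case variants) against the stored hash.
    candidates = {acct.logon_id, acct.logon_id.lower(), acct.logon_id.upper()}
    return any(hmac.compare_digest(hash_password(c, acct.salt), acct.pw_hash)
               for c in candidates)


def review(accounts):
    """Return {logon_id: [findings]} for accounts that need follow-up."""
    findings = {}
    for a in accounts:
        out = []
        if a.generic and a.role is None:
            out.append("generic_id_enabled_but_unassigned")
        elif a.role is not None:
            needed = ROLE_NEEDS.get(a.role, set())
            out += [f"excess_access:{f}" for f in sorted(a.forms - needed)]
        for x, y in SOD_CONFLICTS:
            if x in a.forms and y in a.forms:
                out.append(f"sod_conflict:{x}+{y}")
        if password_is_logon_id(a):
            out.append("password_equals_logon_id")
        if out:
            findings[a.logon_id] = out
    return findings


# Constructed sample accounts (not taken from the audit).
ACCOUNTS = [
    make_account("jdoe", "registrar_clerk",
                 {"student_registration_form"}, "Vx7!long-unique"),
    make_account("asmith", "financial_aid_counselor",
                 {"student_registration_form", "student_admissions_form"},
                 "another-Strong1"),
    make_account("bjones", "cashier",
                 {"payment_entry_form", "fee_adjustment_form"}, "c0rrect-horse"),
    make_account("BILL01", "cashier",
                 {"payment_entry_form"}, "issued-At-Handout9", generic=True),
    make_account("BILL13", None,
                 {"payment_entry_form", "student_registration_form"},
                 "BILL13", generic=True),
]

if __name__ == "__main__":
    for logon_id, items in review(ACCOUNTS).items():
        print(logon_id, "->", ", ".join(items))
```
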


Introduction


This  is  an  audit  of  internal  controls  over  The  University  of 
Montana-Missoula's  computer-based  Banner  Student  Information 
Systems  (Banner).   We  performed  an  electronic  data  processing 
audit  of  this  application.   This  audit  provides  assistance  to  the 
financial-compliance  audit  staff  of  the  Legislative  Audit  Division  in 
their  biennial  audit  of  The  University  of  Montana-Missoula. 


EDP  General  Controls 


An  Electronic  Data  Processing  (EDP)  audit  consists  primarily  of  a 
review  of  internal  controls.   In  an  automated  environment  the 
procedures  for  reviewing  controls  are  different  from  those  used  in 
a  manual  environment.    However,  the  objective  of  ensuring  the 
reliability  of  controls  is  still  the  same.   EDP  auditing  entails 
performing  a  general  and  an  application  control  review. 


Conclusion:  General 
Controls  Provide  Controlled 
Application  Processing  for 
Banner 


A  general  control  review  provides  information  regarding  the  ability 
to  control  EDP  applications  operating  in  the  audited  environment. 
We  reviewed  general  controls  over  the  University's  computer 
center  in  1994.   In  our  EDP  audit  report  (93DP-38),  we  concluded 
general  controls  provide  for  controlled  application  processing  on 
the  University's  mainframe  computer  system.   However,  we  did 
not  review  electronic  access  controls  specific  to  the  Banner 
application.   Chapter  III  discusses  our  review  of  electronic  access 
controls  and  areas  where  the  University  could  improve  security 
over  Banner  student  data. 


EDP  Application  Controls 


Application  controls  are  specific  to  a  given  application  or  set  of 
programs  that  accomplish  a  specific  objective.   Application  controls 
consist  of  an  examination  of  the  following  controls  and  objectives. 

Input  -  ensure  all  data  is  properly  encoded  to  machine  form  and 
that  all  entered  data  is  approved. 

Processing  -  ensure  all  data  input  is  processed  as  intended. 

Output  -  ensure  all  processed  data  is  reported  and  properly 
distributed  to  authorized  individuals. 


Conclusion: BANNER
Application  Controls 
Provide  for  Reliable 
Processing 


Overall,  Banner  application  controls  ensure  data  processing  in 
accordance  with  management's  intent.   However,  we  found  areas 
where  input  and  output  controls  could  be  improved.   These 
concerns,  and  our  recommendations,  are  discussed  in  Chapter  II. 

A  review  of  the  application  documentation  and  audit  trail  was  also 
performed.  Applications  must  operate  within  the  general  controls 
environment  in  order  for  any  reliance  to  be  placed  on  them. 


Audit  Objectives 


The  objectives  of  the  audit  of  the  Banner  Student  Information 
Systems  were  to  evaluate  the: 


1.  Application controls specific to Banner Student Admission,
Registration,  Accounts  Receivable,  and  Financial  Aid  in  order 
to  assess  the  accuracy  and  reliability  of  data  input,  maintained 
and  processed  by  the  system. 

2.  Electronic  access  controls  over  Banner  Student  Admissions, 
Registration,  Accounts  Receivable,  and  Financial  Aid. 

3.  Compliance  with  Board  of  Regents  policy  over  Student 
Admissions  and  Registration,  and  federal  regulations  over 
Student  Financial  Aid. 


Audit  Scope  and 
Methodology 


The  audit  was  conducted  in  accordance  with  government  audit 
standards.   We  measured  the  University's  application  controls 
against  criteria  established  by  the  American  Institute  of  Certified 
Public  Accountants  (AICPA),  General  Accounting  Office  (GAO), 
and  accepted  industry  EDP  guidelines. 


We  conducted  an  application  control  review  of  the  Banner 
application,  as  it  operated  through  March  1996.   We  reviewed: 

1.  Input  controls  for  Student  Admissions,  Registration,  Student 
Grades,  Financial  Aid,  and  Accounts  Receivable.   The  review 
included  input  authorization,  data  entry  and  validation 
procedures,  batch  job  submission,  electronic  access  controls, 
and  error  correction  procedures. 

2.  Processing  controls  for  Student  Registration,  Student  Grades, 
Financial  Aid,  and  Accounts  Receivable.   The  review 
included report reconciliation procedures, validation edits, and
recalculation  of  student  GPA  and  registration  fee  formulas. 

3.  Output controls for Student Admissions, Registration, Student
Grades,  Financial  Aid,  and  Accounts  Receivable.  The  review 
included  online  system  data,  system  generated  reports,  and 
report  distribution  procedures. 

We  determined  if  controls  over  data  are  effective  as  well  as 
adequate  to  ensure  accuracy  during  processing  phases.   We 
reviewed  system  documentation  and  interviewed  University 
personnel  to  gain  an  understanding  of  Banner  data  processing 
objectives  and  procedures.   In  addition,  we  evaluated 
management's  use  of  processed  data  as  reported  online  and  in  hard 
copy  form. 


Compliance 


We  reviewed  Banner  processing  for  compliance  with  University 
policy  and  specific  federal  regulations.   The  University  assessed 
student  admission  and  registration  fees  for  students  attending 
Spring  Semester  1996  in  accordance  with  Board  of  Regents  policy. 
The  University  complied  with  federal  regulations  for  student 
financial  aid  distribution  during  school  year  1995-96.   In  addition, 
Banner  system  student  grade  point  average  processing  for  Fall 
Semester  1995  was  completed  according  to  University  policy. 


Background 


The  University  of  Montana  -  Missoula  is  a  state  funded,  liberal  arts 
university  established  in  1893.   The  University  is  a  part  of  the 
Montana  University  System,  which  includes  two  universities  and 
several  colleges.   University  enrollment  exceeded  11,000  students 
during  Spring  Semester  1996. 


We  concentrated  our  review  on  Banner  modules  which  complete 
financial-related  or  federal  compliance  processing  decisions.   We 
reviewed  the  Student  Admissions,  Registration,  Academic  History, 
Financial  Aid  and  Accounts  Receivable  modules.   In  addition,  we 
reviewed  system  rules  and  validation  tables  which  direct  processing 
decisions  performed  by  these  modules.   We  also  reviewed 
electronic  access  controls  over  Banner.   Chapters  II  and  III  discuss 
the  review  of  application  and  electronic  access  controls. 


Introduction


The University purchased the Banner Student Information System
in 1988. The Banner Student Information System is made up of
many  interactive  "modules"  necessary  for  student  administration. 
The  modules  are  Course  Catalog,  Class  Schedule,  General  Person, 
Location  Management  and  Housing,  Recruiting,  Admissions, 
General  Student,  Registration,  Accounts  Receivable,  Academic 
History,  and  Student  System  Management.   In  1991  the  University 
purchased  the  Banner  Student  Financial  Aid  System,  which 
interfaces  with  the  Banner  Student  Information  System.    Each 
module  contains  numerous  forms,  or  screens,  which  users  access  to 
view  or  update  student  information. 

The  Banner  systems  are  commercially  developed  applications  which 
operate  on  the  University's  mainframe  processor.   Banner  uses 
Oracle  relational  database  management  software  which  connects 
information  between  Banner  modules.    For  example,  the  student 
name  and  identification  number  is  shared  by  all  system  modules. 
By  entering  a  student  identification  number,  a  user  may  review 
information  about  the  student  throughout  the  Banner  modules. 
Access  to  system  modules  is  controlled  with  Sequential  Query 
Language  (SQL),  a  database  access  software.   SQL  defines  user 
privileges  for  adding,  changing,  deleting,  or  viewing  student 
information. 

The  Banner  systems  include  online  input  screens  employees  use  to 
enter,  review,  or  change  student  information.    Data  entry  is 
controlled  with  validation  forms  that  define  allowable  codes  to 
enter  into  these  screens.   Validation  forms  direct  processing 
decisions  based  on  criteria  defined  by  the  University.   Examples 
are  codes  established  for  "graduate"  or  "undergraduate." 
Validation  forms  include  system  indicators  which  direct  whether  or 
not  entry  of  the  code  affects  processing  decisions.   For  example, 
the  Admission  Application  Decision  Validation  Table  Form  defines 
allowable  decision  codes  to  enter  on  the  Admissions  Decision 
Form.   Code  "01"  indicates  the  University  accepts  the  application. 
This  decision  code  causes  the  Banner  Student  Information  System 
to  create  a  general  student  record  and  allows  the  student  to  register 
for  courses. 

Rule forms direct processing decisions, assess student fees, or
package  student  financial  aid  applications  into  award  groups.   Rule 
processing  is  completed  through  batch  job  submission  for  all 
students,  or  by  an  individual  student  online.   Batch  submission 
procedures  cause  processing  to  occur  on  student  records  which 
meet  established  criteria.   For  example,  Registrar  employees 
submit  batch  requests  to  assess  student  fees  for  all  undergraduates 
who  have  registered.   After  classes  begin  students  can  change 
registration  selections  which  may  reduce  or  increase  total  registered 
credits.     Employees  reassess  fees  upon  individual  student  request 
based  upon  changes  to  course  registration. 

This  chapter  discusses  our  review  of  application  controls  over 
Banner  Student  Admissions,  Registration,  Academic  History, 
Financial  Aid  and  Accounts  Receivable  modules.   Table  1  on 
page  6  highlights  Banner  student  information  processes  for  these 
modules. 

University  procedures  ensure  student  information  entered  into 
Banner  is  accurate  based  on  supporting  documentation.   Banner 
processing  decisions  ensure  student  information  is  processed 
according  to  management's  intent.   University  procedures  also 
ensure  system  output  reported  online  and  in  hard  copy  form  is 
complete,  accurate  and  reliable.   Overall,  we  found  Banner 
application  controls  provide  for  reliable  processing  results. 


Student Admissions


The  Banner  Student  Admissions  module  establishes  admission 
records  and  identifies  items  an  applicant  should  provide  to 
complete  the  application  for  admission.   This  module  verifies 
students  are  admitted  in  accordance  with  University  criteria.   For 
example,  freshman  undergraduates  must  provide  an  application  for 
admission  with  a  $30  application  fee,  high  school  transcript  or 
GED  equivalent,  ACT/SAT  test  scores,  residency  status,  and 
medical  immunization  history.   After  Banner  verifies  the  applicant 
has  satisfied  admission  criteria,  employees  enter  a  decision  code 
which  authorizes  admission.   Once  a  student  is  admitted,  Banner 
creates  additional  student  records  and  allows  the  student  to 
complete  semester  registration. 


Our  objective  was  to  ensure  students  are  admitted  according  to 
Board  of  Regents  policy  prior  to  registering  for  courses.   We 
reviewed  data  entry  controls  over  student  information  entered  into 
the  Admissions  module.   We  found  student  application  information 
agrees  to  admissions  module  data  and  students  are  admitted  in 
accordance  with  University  policy  prior  to  receiving  authorization 
to  register.    We  concluded  input  controls  were  adequate  to  ensure 
accuracy  and  completeness  of  student  admissions  data  entry. 


Student  Registration 


The  University  uses  Dial  Bear,  an  interactive  voice  response 
software,  which  students  access  by  telephone  to  enter  registration 
selections.   Following  authorization  to  register,  students  telephone 
Dial  Bear  and  respond  to  a  voice  recording  which  requests  a 
student  identification  number,  personal  identification  number,  and 
course  numbers  to  add  or  delete.   Dial  Bear  is  designed  to  accept 
only  valid  course  codes,  and  prevents  registration  based  on  course 
prerequisite  and/or  vacancy.   Once  students  confirm  their 
registration  selections,  Dial  Bear  automatically  posts  the  selections 
to  the  Registration  module.   Registration  data  is  later  used  by  the 
Accounts  Receivable  module  to  assess  student  registration  fees. 


The  audit  objective  was  to  ensure  data  entry  and  processing 
controls  over  Student  Registration  provide  accurate  results  to  the 
Accounts  Receivable  module.   We  verified  Dial  Bear  properly 
converts  student  data  entry  into  Banner  machine-readable  form  and 
posts  registration  additions  or  deletions  to  the  Student  Registration 
module.    We  concluded  input  and  processing  controls  over 
Student Registration were adequate to ensure data entry and
processing  is  accurate  and  complete. 


Student  Accounts 
Receivable 


The  Accounts  Receivable  module  tracks  all  assessed  fees  to  the 
student  account  in  addition  to  waivers  and  credits  associated  with 
registration.   The  Accounts  Receivable  module  displays  term 
specific  tuition,  housing,  meal  plan,  and  fee  charges.   This  module 
also  allows  for  establishing  student  payment  installment  plans. 

The  Accounts  Receivable  module  properly  applies  student  fees  to 
the  student  account  in  accordance  with  University  policy.   We 
reviewed  University  procedures  for  maintaining  the  system  fee 
schedule.   The  Accounts  Receivable  fee  schedule  includes  reliable 
fee  codes  and  approved  fee  per  credit  values  which  are  assessed  to 
the  student  record  during  the  fee  assessment  batch  process.    The 
fee  assessment  program  accurately  and  completely  processed 
student  fees  per  credit  based  on  the  approved  Board  of  Regents 
fee  schedule. 

We  also  reviewed  Business  Services'  procedures  for  collecting 
student  fees  as  processed  in  Banner.   The  following  section 
discusses  how  the  University  could  improve  procedures  which 
ensure  University  collections  are  complete  and  accurate. 


Segregation  of  Cashier 
Duties 


Business  Services'  cashier  functions  include  collecting  student 
payments,  providing  a  student  receipt,  and  preparing  deposit  slips. 
Data  entry  duties  include  recording  student  payments  into  Banner 
based  on  the  receipts  generated  by  cashiers.   Employees  in 
Business  Services  share  job  duties  and  may  perform  cashier  or  data 
entry  functions.   As  discussed  in  the  following  paragraphs,  the 
University  should  segregate  cashier  and  keypunch  duties  to  reduce 
employee  potential  to  commit  inappropriate  or  unauthorized 
activity. 

Cashiers  adjust  Banner  student  fees  by  entering  registration  fee 
waivers  to  the  student  account.   Fee  waivers  include  late 
registration  fees,  student  health  insurance,  or  parking  decal  fees. 
Data  entry  personnel  may  also  adjust  student  fees,  record  student 
payments  into  Banner,  and  print  new  student  receipts.   Banner 
electronic  access  allows  employees  to  adjust  fees  and  record  student 
payments which reduces control over cash collection and system
data  entry.   Employees  could  enter  fee  waivers  without 
authorization  from  campus  departments. 

Management  procedures  should  ensure  individual  employees  are 
not  in  a  position  to  conceal  transaction  errors  or  irregularities. 
Existing  procedures  allow  employees  to  apply  fee  waivers  after 
receiving  a  student  payment.   The  employee  could  pocket  the 
difference  and  record  a  "refund"  adjustment  to  the  student  account. 
Cashier  balancing  procedures  only  verify  collection  totals  agree 
with  receipt  totals. 

The  University  should  change  existing  procedures  for  processing 
fee  waivers.   Campus  offices  which  authorize  registration  fee 
waivers  could  apply  the  waiver  to  the  student  bill.   This  would 
eliminate  the  need  for  cashiers  to  adjust  student  bills.   The 
University  could  also  restrict  electronic  access  privileges  in 
accordance  with  employee  job  duties  and  require  authorized 
support  for  student  bill  adjustments. 


Recommendation  #1 

We  recommend  The  University  of  Montana  -  Missoula: 

A.  Implement  procedures  to  restrict  student  bill 
adjustments  to  authorized  personnel. 

B.  Segregate  cashier  and  data  entry  procedures  by 
limiting  employee  access  to  the  Banner  Student 
Information  System  according  to  job  functions. 


Academic History


Accurate student grade data is critical to University decisions
regarding continued student admission and financial aid eligibility.
We  reviewed  the  Academic  History  module  to  evaluate  grade  data 
entry  and  grade  point  average  (GPA)  processing  procedures. 
Employees  establish  University  grading  policies  and  maintain 
student  grade  reports  within  this  module.   Banner  calculates 
academic  standing  based  on  University  defined  rules  regarding 
probation and dean's list policies. This module also computes and
maintains  semester  and  cumulative  GPA  information. 

We  reviewed  data  entry  procedures  over  student  grades  during  Fall 
semester  1995.   Employees  entered  student  grade  data  into  Banner 
based  on  supporting  grade  sheets  authorized  by  appropriate 
personnel.   System  processing  and  reporting  of  semester  and 
cumulative  GPA  was  accurate.   Except  for  the  issue  discussed 
below,  grade  data  entry  and  GPA  processing  controls  are 
adequate  to  ensure  accuracy  and  reliability  of  system  reported 
grades. 


Grade Entry Procedures


Registrar's Office employees enter student grades into Banner from
grade sheets or grade change forms provided by instructors. Grade
sheets  document  the  final  semester  grades  and  grade  change  forms 
document  instructor's  changes  to  previously  submitted  grade 
sheets.   Accurate  grade  data  entry  into  Banner  is  critical  for  proper 
GPA  processing,  transcript  accuracy,  and  student  financial  aid 
eligibility. 

The  Registrar's  Office  has  established  informal  procedures 
instructors  should  follow  to  complete  student  grade  sheets.   For 
example,  the  office  requests  University  instructors  complete  and 
sign  grade  sheets  in  pen  and  initial  any  corrections.   These 
procedures  ensure  grade  entry  to  Banner  is  authorized  by  the 
instructor. 

The  Registrar's  Office  has  not  formally  documented  or 
communicated  grade  sheet  procedures.   We  found  grade  sheet 
changes  without  instructor  initials,  grade  sheets  written  in  pencil 
and  one  grade  sheet  submitted  by  fax.   Because  employees  enter 
approximately  48,000  grades  each  semester  into  Banner  over  a  two 
day  period,  they  do  not  verify  grade  sheet  accuracy.   Instead,  they 
rely  on  instructors  to  provide  accurate  grade  sheet  data. 

Management  procedures  should  ensure  grades  entered  into  Banner 
are  authorized  and  accurate.   Formal  procedures  will  reduce  the 
potential  for  unauthorized  grade  changes  and  provide  data  entry 
employees  guidance  for  reviewing  and  entering  grade  data. 

In addition to establishing formal grade recording procedures, the
University  should  also  improve  physical  security  over  student 
grades.   University  employees  enter  student  grades  into  Banner  in 
an  office  which  all  students  may  access  throughout  the  day.   Until 
they  complete  the  data  entry,  office  employees  store  grade  sheets 
on  top  of  their  desks.    Since  the  employees  do  not  verify 
authenticity  of  instructor  signatures  or  initials,  students  could 
change  grade  sheet  data.   The  University  could  store  grade  sheets 
in  locked  file  cabinets  when  not  in  use. 


Recommendation  #2 

We  recommend  The  University  of  Montana  -  Missoula: 

A.  Document  and  communicate  formal  student  grade 
recording  procedures  to  campus  instructors  and  data 
entry  employees. 

B.  Improve  physical  security  controls  over  student 
grades  to  prevent  unauthorized  grade  changes. 


Student Financial Aid


The Student Financial Aid System is a Banner application which
interfaces with the Student Information System. Banner Financial
Aid  tracks  student  aid  applications  and  determines  eligibility  for 
student  aid  based  on  need  and  previous  academic  history  at  the 
University.   All  students  submit  a  Free  Application  For  Federal 
Student  Aid  (FAFSA)  to  the  federal  Department  of  Education.   The 
federal  government  converts  the  applications  into  electronic  form 
and  submits  the  data  to  the  University.   Banner  evaluates  student 
data  for  completeness  and  accuracy,  and  notifies  employees  to 
obtain  additional  student  information.   The  FAFSA  is  required  for 
all  students  who  apply  for  Pell,  SEOG,  SSIG,  Stafford,  and  PLUS 
student  aid. 

After  processing  student  applications  for  accuracy  and 
completeness,  University  employees  submit  batch  jobs  to  package 
student applications into award groups. The Student Financial Aid
module determines financial aid awards based on University cost of
attendance,  student  need,  course  registration  credits,  and  other 
criteria  defined  by  University  employees.   The  module  also 
generates  award  letters  documenting  the  aid  package  offer  to 
students.   If  accepted,  another  batch  job  authorizes  distribution  of 
the  award  when  classes  begin.   Once  students  complete  registration 
and  begin  classes,  the  financial  aid  awards  are  distributed  (or 
credited)  to  the  student's  account  in  the  Accounts  Receivable 
module. 

Banner  Financial  Aid  also  determines  student  eligibility  for 
financial  aid  by  evaluating  previous  academic  performance,  current 
credits  carried,  and  University  attendance.   For  example,  Banner 
places  students  on  financial  aid  probation  or  suspension  based  on 
previous  semester  grade  reports  provided  by  the  Academic  History 
module.    Banner  Financial  Aid  also  reviews  credits  carried  and 
computes  aid  adjustments  if  students  drop  courses  or  withdraw 
from  school. 

We  reviewed  student  financial  aid  distributions  for  the  1995-96 
academic  school  year.   Financial  Aid  validation  forms  and  rules 
define  University  criteria  for  student  aid  awards.   Banner  Financial 
Aid  determines  student  aid  eligibility  in  accordance  with  federal 
and  University  criteria.   Financial  Aid  awards  are  properly 
disbursed  and  recorded  to  the  Student  Accounts  Receivable  module. 
We  also  determined  system  edits  and  management  procedures 
ensure  all  student  aid  applications  received  from  the  federal 
processor  are  subjected  to  eligibility  criteria.   Overall,  we  found 
application  controls  for  the  Student  Financial  Aid  System  ensure 
accuracy and reliability of system data.


Introduction

The audit included a review of electronic access controls within the
Banner Student Information Systems. The review concentrated on
University  access  authorization  procedures  and  user  privileges 
within  the  Student  Admissions,  Registration,  Accounts  Receivable, 
and  Financial  Aid  modules. 

The  University  limits  employee  access  to  the  Banner  systems  with 
Sequential  Query  Language  (SQL)  software.    SQL  controls  access 
through  electronic  rules  which  allow  or  prevent  user  access  to 
system  information.    If  authorized,  users  may  view,  add,  change  or 
delete  student  information. 

University  electronic  access  procedures  are  fundamental  to  Banner 
controls  over  data  entry  and  processing  functions.   For  example, 
employees  maintain  system  validation  and  rule  forms  designed  to 
ensure  accuracy  of  data  entry  and  processing.   Validation  forms 
define  allowable  codes  to  enter  into  specific  form  fields.   They 
include  system  indicators  which  direct  whether  or  not  entry  of  the 
code  affects  other  data  or  processing  decisions.   Rule  forms  direct 
processing  decisions  based  on  system  codes  entered  into  the  Banner 
systems.   For  example,  a  system  rule  defines  applicable  fees  to 
assess  a  student  depending  on  the  student's  credit  load,  academic 
program,  and  other  criteria. 

Banner  Student  Information  Systems  processing  is  distributed 
throughout  campus  offices.   Employees  at  various  locations 
maintain  selected  student  information  in  Banner.   For  example,  the 
Registrar's  Office  maintains  student  registration  and  grade 
information.   The  Student  Health  Services  Office  maintains  medical 
information  and  updates  Banner  to  indicate  if  students  have 
provided  required  medical  records  for  admission.   Financial  Aid 
employees  maintain  student  information  for  processing  financial  aid 
applications. 

We  compared  employee  access  privileges  to  the  Banner  systems 
against  actual  job  duties  performed  by  the  employees.   Access  to 
validation  and  rule  forms  is  limited  to  employees  responsible  for 
maintaining validation codes and rules. The following sections
discuss areas where the University could improve data processing
integrity  by  restricting  employee  access. 


Employee Access Based on Job Duties

We reviewed employee access to system forms which are
significant to overall Banner processing functions. For example,
we reviewed access to the Student Registration Form, Student
Admissions  Form,  and  Admissions  Decision  Form.   Discussed 
below  are  instances  where  employees  should  not  be  authorized  to 
change  student  information. 

The Student Registration Form provides course registration
information, add or drop activity, and passes charges based on
student registration to the Accounts Receivable module. This form
is updated by students through Dial Bear on-line registration.
Eleven employees have unnecessary authorization to change student
course registration data. Employees with unnecessary access work
in various departments including Campus Security, CIS Information
and Administrative Systems, Chemistry Department, and the
Mansfield Library.

The  Admissions  Decision  Form  is  used  to  enter  the  decision  code 
authorizing  University  admission  and  course  registration.   Modify 
access  should  be  limited  to  employees  responsible  for  entering 
student  admissions  information.   Five  employees  have  unnecessary 
authorization  to  change  or  delete  student  admissions  data.   The 
access  allows  employees  to  enter  student  admissions  data  and 
authorize  student  admission.   Employees  work  in  Student  Financial 
Aid  and  CIS. 

The  Student  Admissions  Form  is  used  to  enter  student  information 
from  the  application  for  admission  to  the  University.   Modify 
access  should  be  limited  to  employees  responsible  for  entering  or 
changing  student  admissions  data.   The  Banner  System  Coordinator 
and a CIS Programmer/Analyst Supervisor have unnecessary access
to  modify  student  admissions  information. 

Management  should  limit  employee  access  to  application  data  in 
accordance  with  job  needs.   Many  of  the  employee  access  issues 
resulted  because  employees  no  longer  require  the  access  to 
complete their job duties. In addition, several employees were
given access they did not need by mistake. The University should
periodically review electronic access privileges to verify that access
provided agrees with employee duties. Unnecessary access privileges
compromise  the  integrity  of  student  information  maintained  on 
Banner. 


Recommendation  #3 

We  recommend  The  University  of  Montana  -  Missoula: 

A.  Restrict  employee  access  to  the  Banner  Student 
Information  Systems  in  accordance  with  job  duties. 

B.  Establish  procedures  to  perform  periodic  internal 
reviews  and  evaluations  of  electronic  access  security 
over  the  Banner  Student  Information  Systems. 


Generic Logon IDs

The Business Services Office temporarily assigns generic logon IDs
to additional campus employees during the student bill distribution
process.   The  IDs  provide  access  to  the  Accounts  Receivable  and 
Registration  modules.   During  bill  distribution  students  may  prepay 
tuition  and  fees  for  the  upcoming  semester.   The  University 
assigned  12  of  30  generic  logon  IDs  to  additional  employees  at  the 
end  of  January  1996.   A  University  employee  indicated  these  logon 
IDs  were  removed  once  employees  distributed  student  bills. 

We  gained  unauthorized  access  to  the  Banner  Accounts  Receivable 
and  Registration  modules  with  the  remaining  logon  IDs  by  entering 
the  logon  ID  as  the  password.   The  access  privileges  assigned  to 
these  system  IDs  allow  users  to  modify  and  reprint  student  bills, 
change  student  course  registration  information,  or  record  student 
payments  and  modify  cashier  session  balancing  records.   These 
logon  IDs  allow  users  to  perform  job  duties  equivalent  to  Business 
Services  employees  responsible  for  data  entry  functions.   Our  audit 
procedures  indicate  the  University  does  not  need  all  30  additional 
IDs during the bill distribution process.

Generic logon IDs are also assigned to the College of Technology
campus.   They  allow  users  to  perform  Registrar  employee  duties 
such  as  updating  student  registration  data.   Another  ID  authorizes 
advisors  at  The  University  of  Montana  -  Missoula  to  adjust  student 
bills  or  change  student  information  such  as  academic  major  and 
minor. 

Generic  IDs  compromise  system  security  by  allowing  multiple 
users to share passwords. When used in combination with their
individual user IDs, employees can log on simultaneously at
different computer terminals. Access to the Student Registration
and  Accounts  Receivable  modules  allows  users  to  change  student 
bills,  registration,  or  academic  information  without  authorization. 


Recommendation  #4 

We recommend The University of Montana - Missoula
remove unnecessary generic user logon IDs from the
Banner Student Information Systems.


Electronic Access Authorization Procedures

The University documents user access on a request form, signed by
the employee, and authorized by the department computing
coordinator and the Banner System Coordinator. We verified
requests  for  access  were  documented  and  approved  by  the  Banner 
System  Coordinator  and  the  department  computing  coordinator. 

Two  of  twenty-five  users  tested  did  not  have  a  documented  access 
request  form.   The  University  noted  logon  ID  documentation 
procedures  were  implemented  after  installing  the  Banner  Student 
Information  Systems.   Therefore,  the  logon  IDs  were  not 
documented  for  the  employees. 

Management  procedures  should  ensure  electronic  access  to 
applications  is  based  on  employee  job  duties  to  prevent 
unauthorized  access.   Documented  and  properly  authorized  access 
requests help management maintain security over system data.

Chapter III - Electronic Access Controls


Request  forms  also  document  the  employee's  agreement  to  abide  by 
the  University's  computer  ethics  policy. 


Recommendation  #5 

We  recommend  The  University  of  Montana  -  Missoula 
document  electronic  access  for  all  employees  with  access  to 
the  Banner  Student  Information  Systems. 
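
The three access findings in this chapter (modify access beyond job duties, generic logon IDs, and undocumented access) can be checked together in one scripted periodic review. The following Python code is an added example, not part of the audit report or the University's systems; the grant export layout, the policy table (including the "Admissions" department name), the expiration-date field and every logon ID are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Grant:
    logon_id: str
    department: str              # empty for a generic (shared) logon ID
    form: str
    privilege: str               # "view" or "modify"
    generic: bool = False
    expires: Optional[date] = None


# Hypothetical policy: departments whose duties require modify access.
MODIFY_POLICY = {
    "Student Registration Form": {"Registrar"},
    "Admissions Decision Form": {"Admissions"},
    "Student Admissions Form": {"Admissions"},
}


def review(grants, request_forms_on_file, today):
    """Return sorted (logon_id, finding) pairs covering the three checks."""
    findings = set()
    for g in grants:
        if g.logon_id not in request_forms_on_file:
            findings.add((g.logon_id, "no documented access request"))
        if g.generic:
            if g.expires is None:
                findings.add((g.logon_id, "generic ID without expiration date"))
            elif g.expires < today:
                findings.add((g.logon_id, "generic ID active past expiration"))
            continue
        # Default deny: a form missing from the policy permits no modifiers.
        allowed = MODIFY_POLICY.get(g.form, set())
        if g.privilege == "modify" and g.department not in allowed:
            findings.add((g.logon_id,
                          f"modify access to {g.form} not required by duties"))
    return sorted(findings)


# Constructed sample export; every logon ID here is made up.
SAMPLE_GRANTS = [
    Grant("jdoe", "Registrar", "Student Registration Form", "modify"),
    Grant("asmith", "Campus Security", "Student Registration Form", "modify"),
    Grant("blee", "Campus Security", "Student Registration Form", "view"),
    Grant("cfin", "Student Financial Aid", "Admissions Decision Form", "modify"),
    Grant("BILL07", "", "Student Registration Form", "modify",
          generic=True, expires=date(1996, 1, 31)),
    Grant("BILL08", "", "Student Registration Form", "modify", generic=True),
]
FORMS_ON_FILE = {"jdoe", "asmith", "blee", "BILL07", "BILL08"}

if __name__ == "__main__":
    for logon_id, finding in review(SAMPLE_GRANTS, FORMS_ON_FILE, date(1996, 3, 1)):
        print(f"{logon_id}: {finding}")
```

View-only grants and modify grants that match the policy produce no finding, so the output is the exception list a reviewer would take to the department computing coordinator.
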
Agency Response

The University of Montana


Office  of  the  President 
The  University  of  Montana 
Missoula,  Montana  59812-1291 

(406)  243-2311,  FAX  (406)  243-2797 


30  May  1996 

Scott  Seacat 

Legislative  Audit  Division 
Room  135  State  Capitol 
P.  O.  Box  201705 
Helena,  MT  59620-1705 

Dear  Mr.  Seacat: 


I  have  enclosed  The  University  of  Montana  -  Missoula's  response  to  the  Banner  Student 
Information  Systems  -  EDP  Audit  Report.   We  concur  with  the  recommendations  and  the 
University  will  address  the  noted  weaknesses  as  outlined  in  our  response. 

We  appreciate  the  cooperative  efforts  made  by  the  audit  team  and  thank  those  involved  for 
their  assistance. 


M. Dennison,
President 



Enclosure 

c: J. Baker, Commissioner of Higher Education
   K. Burgmeier, Director, Internal Audit
   J. Cleaveland, Executive Director, Office of Information Technology


The  University  of  Montana  -  Missoula 

Response  to  Report  by  Legislative  Audit  Division 

EDP  Audit  -  Banner  Student  Information  Systems 

30  May  1996 


RECOMMENDATION  #1 

WE  RECOMMEND  THE  UNIVERSITY  OF  MONTANA-MISSOULA: 

A.  IMPLEMENT  PROCEDURES  TO  RESTRICT  STUDENT  BILL 
ADJUSTMENTS  TO  AUTHORIZED  PERSONNEL. 

B.  SEGREGATE  CASHIER  AND  DATA  ENTRY  PROCEDURES  BY  LIMITING 
EMPLOYEE  ACCESS  TO  THE  BANNER  STUDENT  INFORMATION 
SYSTEMS  ACCORDING  TO  JOB  FUNCTIONS. 

RESPONSE: 

A. THE UNIVERSITY CONCURS WITH THE RECOMMENDATION. The
University will evaluate and implement appropriate procedures to restrict student bill
adjustments  to  authorized  personnel  by  30  June  1996.   Also,  the  University  is 
reviewing  options  for  application  of  a  one-stop  center  for  servicing  students.   This  new 
process,  to  be  implemented  in  August  1998,  will  address  this  issue  more 
appropriately. 

B. THE UNIVERSITY CONCURS WITH THE RECOMMENDATION. The
University will evaluate and improve controls over cashiers and entry personnel by
limiting  employee  access  wherever  possible  given  the  existing  resource  by  30  June 
1996. 


RECOMMENDATION #2

WE  RECOMMEND  THE  UNIVERSITY  OF  MONTANA-MISSOULA: 

A.  DOCUMENT  AND  COMMUNICATE  FORMAL  STUDENT  GRADE 
RECORDING  PROCEDURES  TO  CAMPUS  INSTRUCTORS  AND  DATA 
ENTRY  EMPLOYEES. 

B.  IMPROVE  PHYSICAL  SECURITY  CONTROLS  OVER  STUDENT  GRADES 
TO  PREVENT  UNAUTHORIZED  GRADE  CHANGES. 

RESPONSE: 

A. THE UNIVERSITY CONCURS WITH THE RECOMMENDATION. The
University documented and communicated grade recording procedures to faculty 9
May 1996.

B. THE UNIVERSITY CONCURS WITH THE RECOMMENDATION. In May
1996, the University revised grade recording procedures and communicated these
procedures to data entry employees.


RECOMMENDATION  #3 

WE  RECOMMEND  THE  UNIVERSITY  OF  MONTANA-MISSOULA: 

A.  RESTRICT  EMPLOYEE  ACCESS  TO  THE  BANNER  STUDENT 
INFORMATION SYSTEMS IN ACCORDANCE WITH JOB DUTIES.

B.  ESTABLISH  PROCEDURES  TO  PERFORM  PERIODIC  INTERNAL  REVIEWS 
AND  EVALUATIONS  OF  ELECTRONIC  ACCESS  SECURITY  OVER  THE 
BANNER  STUDENT  INFORMATION  SYSTEMS. 

RESPONSE: 

A.  THE  UNIVERSITY  PARTIALLY  CONCURS  WITH  THE 
RECOMMENDATION.   Once  brought  to  the  University's  attention,  access  issues 
noted  in  the  report  were  modified.   But  the  University  feels  that  job  duties  for 
principal  positions  require  access  to  modify  the  student  system  and  maintained  that 
access. 

B. THE UNIVERSITY CONCURS WITH THE RECOMMENDATION. The
University will establish procedures by 1 June 1996 that include a periodical review of
access  to  the  Banner  Student  Information  System. 


RECOMMENDATION  #4 

WE  RECOMMEND  THE  UNIVERSITY  OF  MONTANA-MISSOULA  REMOVE 
UNNECESSARY  GENERIC  USER  LOGON  IDs  FROM  THE  BANNER  STUDENT 
INFORMATION  SYSTEMS. 

RESPONSE: 

THE  UNIVERSITY  CONCURS  WITH  THE  RECOMMENDATION.   The  University 
concurs  that  generic  user  IDs  be  properly  controlled  and  used.   The  University  discontinued 
use  of  unnecessary  generic  user  IDs.  Modification  to  controls  will  automate  expiration  dates 
and password changes. These changes will be completed and implemented by 30 June 1996.


RECOMMENDATION #5

WE  RECOMMEND  THE  UNIVERSITY  OF  MONTANA-MISSOULA  DOCUMENT 
ELECTRONIC  ACCESS  FOR  ALL  EMPLOYEES  WITH  ACCESS  TO  THE  BANNER 
STUDENT  INFORMATION  SYSTEMS. 

RESPONSE: 

THE  UNIVERSITY  CONCURS  WITH  THE  RECOMMENDATION.      Once  the 
University  implemented  the  Banner  Student  Information  System,  procedures  were  developed 
to  ensure  appropriate  and  authorized  access.     All  employees  with  Banner  accounts  complete 
appropriate  forms,  except  the  two  employees  noted  in  the  report.   These  two  employees  had 
accounts  before  the  installation  of  the  system.   One  employee  has  since  taken  another  job. 
The  University  will  document  access  for  the  one  remaining  employee  by  30  May  1996. 